Privacy Policy for Squarespace Websites: How To Create One

Generate a Free Privacy Policy
Privacy-Policy-for-Squarespace-Websites-01

Squarespace is incredibly user-friendly and offers many tools and plugins to create any website you want, even an ecommerce store.

However, Squarspace’s Terms of Service require you to publish a legally compliant privacy policy to use their services.

Below, I’ll explain why you need a privacy policy for Squarespace sites and how to make one.

Table of Contents
  1. Why a Privacy Policy Is Required for Squarespace Websites
  2. What Must Go In a Squarespace Privacy Policy
  3. How To Make a Squarespace Privacy Policy
  4. Example of a Squarespace Privacy Policy
  5. Summary

Why a Privacy Policy Is Required for Squarespace Websites

Squarespace’s Terms of Service requires you to have a privacy policy that follows any laws or regulations that impact your business.

Squarespace-Websites-Privacy-Policy

Read the highlighted text in the screenshot below to see what Squarespace expects of their users regarding data privacy and privacy policies:

Squarespace-Websites-Privacy-Policy-data-privacy-and-privacy-policies

Squarespace makes it clear that all liabilities fall on you, the business owner, to comply with data privacy laws. So you must take the time to determine which regulations apply to you.

Squarespace-Websites-Privacy-Policy-data-privacy-liabilities

There are also other reasons for creating a privacy policy for Squarespace websites, such as:

  • To build trust with users: Users are more likely to trust your website if you have a solid privacy policy that they can access on-demand. A privacy policy shows your dedication to protecting users’ privacy rights and that you prioritize their user experience and safety.
  • To limit your legal liability: You can get in serious trouble with the law if you don’t have a privacy policy.
  • To do the right thing: Finally, you should use a privacy policy to inform users about their privacy rights because it’s the right thing to do. Everyone has the right to decide how their personal information can be used or accessed.

Which Laws Require a Squarespace Privacy Policy?

Several different data privacy laws require you to post a privacy policy on your Squarespace website, and more than one of them may impact your business.

Remember, Squarespace expects you to know what legislation your business falls under, including data privacy, industry-specific, and consumer protection laws. Otherwise you risk account termination.

To help you, the table below describes the legal threshold for some of the most prominent data protection regulations worldwide, so take note of any that apply to you.

Data Privacy Law Legal Threshold
General Data Protection Regulation (GDPR) Any organization that collects, processes, or stores the personal data of individuals located in the European Union (EU) or European Economic Area (EEA).
The Data Protection Act (UK GDPR) Any organization offering goods or services to UK citizens that processes their personal data.
Amended California Consumer Privacy Rights Act (CCPA/CPRA) For-profit entities that do business in California and meet one of the following:

  • Earned $25 million in gross annual revenue as of January 1 from the previous calendar year
  • Annually buys, sells, or shares the personal data of 100,000 or more California consumers or households
  • Derived 50% or more gross annual revenue from selling or sharing personal information
California Online Privacy Protection Act (CalOPPA) Any website with California visitors falls under the threshold of this law.
Virginia Consumer Data Privacy Act (VCDPA) Entities doing business in Virginia or targeting Virginia residents who meet one of the following:

  • Controls or processes personal data from 100,000+ consumers
  • Derives 50% of gross revenue from the sale of personal data and processes information from at least 25,000 consumers
Connecticut Data Protection Act (CTDPA) Any data controller or processor who conducts business in Connecticut or produces products or services targeted at Connecticut consumers and any controller or processor who meets one or more of the following:

  • Processes the personal data of at least 100,000 consumers (excluding data processed solely for payment transactions) or
  • Processes the personal data of at least 25,000 consumers and derives more than 25% of their gross annual revenue from the sale of personal data
Colorado Privacy Act (CPA) Controllers that conduct business in Colorado or who produce or deliver commercial products intentionally targeted to Colorado residents that meet one (or both) of the following:

  • Controls or processor personal data of 100,000 consumers per year or 
  • Derives revenue or gets a discount on the price of goods or services from the sale of personal data and controls or processes the personal data of at least 25,000 consumers
Children’s Online Privacy Protection Act (COPPA) Any website or online service that is directed at children under 13 that:

  • Collects, uses, or discloses their personal information
  • Have actual knowledge that they’re collecting, using, or disclosing personal data from children under 13
  • Have actual knowledge that they’re collecting personal information from another source or website directed to children under 13
Personal Information Protection and Electronic Documents Act (PIPEDA) Any organization that collects and uses personal information in connection with commercial activities, including selling or sharing donors, membership, or fundraising lists, falls under PIPEDA.
Australia’s Privacy Act of 1988 Any Australian government entities or organizations that have annual gross revenue of $3 million and small businesses that make less than $3 million who meet any of the following:

  • Are private sector health service providers
  • Credit reporting bodies
  • Contracted service providers for an Australian Government contract
  • Employee associations registered under the Fair Work Act 2009
  • Businesses that hold accreditations under the Consumer Data Right System
  • Businesses that choose to opt into the Privacy Act
  • Businesses related to businesses covered by the Privacy Act
  • Businesses prescribed by the Privacy Regulation 2013
New Zealand’s Privacy Act of 2020 Any person, organization, or business in the public or private sector that collects and holds personal information about other people.
South Africa’s Protection of Personal Information Act (PoPIA) Any entity registered to South Africa that processes personal data or people from any location.

And any entities located outside of the country who outsource their data processing to South Africa.

What Must Go In a Squarespace Privacy Policy

The clauses you include in your Squarespace site’s privacy policy depend on the laws you must follow, your industry, and how you collect and process personal information from users.

In this section, I briefly summarize the clauses relevant to Squarespace privacy policies. Take note of the ones you need, and feel free to leave out anything that doesn’t apply to you.

What Personal Data You Collect

Every data privacy law requires you to explain what personal data you collect from users, including any sensitive personal information.

Consider listing this information in a simple bullet list or organizing it into a table to make it easy to read.

See how Schneid Studios, a home goods designer using Squarespace, writes this clause:

Schneid-Studios-Squarespace-privacy-policy-sensitive-personal-information

How and Why You Use the Personal Data

You must explain how you collect personal data from users and why you’re processing it — under laws like the GDPR, this is your legal basis.

See another example of this clause from Schneif Studio’s privacy policy below.

Schneid-Studios-Squarespace-privacy-policy-Personal-Data

If You Share Data With Third-Parties

Most data privacy laws require you to inform your users if you share their information with any third-party entities. You’re typically required to list the categories of data shared with third parties and the categories of the third parties themselves.

Below, see a sample of how Aspect Home, an interior design studio, writes this clause in their privacy policy.

Aspect-Home-Squarespace-privacy-policy-Share-Data-With-Third-Parties

Details About International Data Transfers

Under laws like Australia’s Data Privacy Act of 1988, the GDPR, and PoPIA, you must include a clause explaining your intention to transfer personal data internationally.

For example, see how food company Supernatural Kitchen writes this clause in their privacy policy in the screenshot below.

Supernatural-Kitchen-Squarespace-privacy-policy-International-Data-Transfers

Cookies and Other Tracking Technology

You should also include a clause outlining your use of cookies and other tracking technology in your Squarespace website’s privacy policy.

Not only do internet cookies qualify as personal data under most data protection legislation, but Squarespace also expects you to do this as part of their Terms of Use.

See how Aspect Home writes this clause in the example from their privacy policy below.

Aspect-Home-Squarespace-privacy-policy-Cookies-and-Other-Tracking-Technology

Children’s Data Clause

Many laws protect children, so if your site is aimed at minors or collects personal information from known children, ensure you’re adequately following all relevant regulations and explain those details directly in your privacy policy.

Even if you don’t target children, consider adding this clause and explaining how legal guardians can contact you if they believe you accidentally collected information from a child.

Check out an example of this clause from Aspect Home’s privacy policy below.

Aspect-Home-Squarespace-privacy-policy-Childrens-Data-Clause

Data Retention Policy

Under data privacy legislation like the GDPR, you can only retain personal data for as long as necessary to achieve your legal basis for collecting and processing the information. You must explain this requirement in your privacy policy.

Below, see an example of the data retention clause from Schneid Studio’s privacy policy.

Schneid-Studios-Squarespace-privacy-policy-Data-Retention-Policy

Data Safety and Security

Laws like the GDPR and others hold you accountable for safely storing personal data to prevent it from getting leaked or breached. So add a security clause in your Squarespace privacy policy explaining how you keep this information secure.

See a sample of how Aspect Home writes this section of their Squarespace site’s privacy policy in the screenshot below.

Aspect-Home-Squarespace-privacy-policy-Data-Safety-and-Security

Description of Your Users’ Data Privacy Rights

Many data privacy laws require you to explain in a privacy policy what rights users have over their personal data and how they can follow through on those rights.

Put this information in a clause somewhere in your privacy policy. If you fall under multiple laws, consider creating separate sections covering the rights outlined by each applicable regulation.

Below, see an example from Schneid Studio’s Squarespace privacy policy.

Schneid-Studios-Squarespace-privacy-policy-Description-of-Your-Users-Data-Privacy-Rights

Company Contact Information

Finally, ensure you put proper contact information in your privacy policy. This is legally required by laws like PoPIA, Australia’s Data Privacy Act of 1988, and the CTDPA.

Below, see a sample of the contact clause from Aspect Home’s privacy policy.

Aspect-Home-Squarespace-privacy-policy-Company-Contact-Information

How To Make a Squarespace Privacy Policy

There are several ways you might make a Squarespace privacy policy, including trying a:

  • Managed solution
  • Free template
  • Do-it-yourself approach

Some of these methods are better than others, so let’s go over each solution together so you can pick the way that works best for your Squarespace site.

Use a Privacy Policy Generator

The easiest, fastest, and often most effective way to make a privacy policy for your Squarespace website is to use a managed solution like Termly’s Privacy Policy Generator.

Our generator asks you simple questions about your business. It then creates a compliant, unique policy based on your answers that you can link directly to your Squarespace site.

Whenever you need to make any updates or changes, log back into your Termly dashboard, edit the agreement, and then hit Publish.

Much like using Squarespace to create your website, using our generator to create your privacy policy is incredibly simple. Plus, it’s backed by our legal team and data privacy experts, so you know you can trust it.

In the screenshot below, see an example of one of the compliance questions it asks you.

Termly-Privacy-Policy-Generator

Use a Template

Another easy way to make a privacy policy for your Squarespace website is to use our free privacy policy template.

Templates take longer than generators because you have to manually fill in the blank sections of the document with details about your business. But ours includes the most relevant clauses to help you comply with several significant data privacy laws.

See a sample of what it looks like in the screenshot below.

Termly-free-privacy-policy-template

DIY

You can also write your own privacy policy, but this is only recommended if you have extensive legal knowledge, are experienced in data privacy, or have access to a lawyer. If you leave something out, even by mistake, the law (and Squarespace) holds you responsible.

If you decide to take on this challenge, we have a guide to help you successfully write your privacy policy, so check it out!

Example of a Squarespace Privacy Policy

To help inspire you as you make your own agreement, let’s look at a strong example of privacy policies that an actual Squarespace website uses.

BEMBIEN

We’re using Bembien as our example. They’re an ecommerce store hosted on Squarespace, and they include a clickable link to their privacy policy directly in the website footer, as shown in the screenshot below.

Bembien-Squarespace-Privacy-Policy-privacy-policy-website-footer

Bembien’s privacy policy is concise yet detailed and contains all the information most privacy laws require.

For example, see a sample of their privacy policy clause below explaining what they do with the data they collect from consumers.

Bembien-Squarespace-Privacy-Policy-privacy-policy-clause

They also have a well-written Security Clause in their privacy policy, which helps them meet obligations outlined by laws like the CCPA and the GDPR.

Check it out below.

Bembien-Squarespace-Privacy-Policy-privacy-policy-Security-Clause

Bembien also puts a Contact Clause at the end of their privacy policy that includes a working email address users can contact if they have any concerns regarding their personal information.

See a sample of the clause in the screenshot below.

Bembien-Squarespace-Privacy-Policy-privacy-policy-Contact-Clause

When making your Squarespace privacy policy, follow Bembien’s lead and ensure it’s easy to find, read, and understand — as required by laws like the GDPR and helps you meet Squarespace’s expectations outlined in their Terms of Use.

Summary

If you have a Squarespace site, make sure you also have a valid privacy policy — this is required by law and by Squarespace’s Terms of Service.

But, a comprehensive privacy policy has additional benefits, as it shows consumers that you’re an ethical company that cares about your users’ personal information, privacy rights, and the overall customer experience

Take all of the hassles out of making a privacy policy for your Squarespace website by using Termly’s Privacy Policy Generator. It does all of the formatting for you, so you just need to hit copy and paste.

Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources